(DataFlex) Xero 2 Legged OAuth for Private Application

This example demonstrates the REST object for 2-legged OAuth for a private application.

Note: This example requires Chilkat v9.5.0.64 or later.

An application can setup OAuth1 for a given instance of the Chilkat REST object, and then use the instance for many REST API calls. This example demonstrates the OAuth1 setup and initial connection. This code would typically be placed in a subroutine/function to "initalize" the REST object before beginning to use it for REST HTTP requests.

Note: Xero private applications use 2 legged OAuth and bypass the user authorization workflow in the standard OAuth process. Private applications are linked to a single Xero organisation which is chosen when you register your application. In summary: 2-legged OAuth1 is for applications that access the data that they themselves own.

Chilkat ActiveX Downloads

Use ChilkatAx-9.5.0-win32.pkg
Procedure TestHandle hoRest
String sConsumerKey
String sConsumerSecret
Handle hoPfx
Boolean iSuccess
Variant vPrivKeyFromPfx
Handle hoPrivKeyFromPfx
Handle hoPrivKeyFromPem
Variant vOauth1
Handle hoOauth1
Boolean iBAutoReconnect
String sTemp1
Boolean bTemp1
// This example requires Chilkat v9.5.0.64 or later// This sample code would typically be placed in a subroutine or function// where the rest object is passed by reference.// It does the OAuth1 setup and makes the initial connection.Get Create (RefClass(cComChilkatRest)) To hoRest
If (Not(IsComObjectCreated(hoRest))) BeginSend CreateComObject of hoRest
EndMove"XERO_PRIVATE_APP_KEY"To sConsumerKey
Move"XERO_PRIVATE_APP_SECRET"To sConsumerSecret
// Let's get our private key from our PFX (password protected), or the PEM (unprotected).// You can decide which to use. Either is OK, although I would recommend keeping your// private keys in a PFX and not in an unprotected PEM.Get Create (RefClass(cComChilkatPfx)) To hoPfx
If (Not(IsComObjectCreated(hoPfx))) BeginSend CreateComObject of hoPfx
EndGetComLoadPfxFileOf hoPfx "qa_data/certs/xero_private_app/public_privatekey.pfx""PFX_PASSWORD"To iSuccess
If (iSuccess <> True) BeginGetComLastErrorTextOf hoPfx To sTemp1
Showln sTemp1
Procedure_ReturnEndGetComGetPrivateKeyOf hoPfx 0To vPrivKeyFromPfx
If (IsComObject(vPrivKeyFromPfx)) BeginGet Create (RefClass(cComChilkatPrivateKey)) To hoPrivKeyFromPfx
Set pvComObject Of hoPrivKeyFromPfx To vPrivKeyFromPfx
EndGetComLastMethodSuccessOf hoPfx To bTemp1
If (bTemp1 <> True) BeginGetComLastErrorTextOf hoPfx To sTemp1
Showln sTemp1
Procedure_ReturnEnd// Or we can load from a PEM..Get Create (RefClass(cComChilkatPrivateKey)) To hoPrivKeyFromPem
If (Not(IsComObjectCreated(hoPrivKeyFromPem))) BeginSend CreateComObject of hoPrivKeyFromPem
EndGetComLoadPemFileOf hoPrivKeyFromPem "qa_data/certs/xero_private_app/privatekey.pem"To iSuccess
If (iSuccess <> True) BeginGetComLastErrorTextOf hoPrivKeyFromPem To sTemp1
Showln sTemp1
Procedure_ReturnEnd// Note: There are many other means for loading a private key, including// from other formats and directly from memory (i.e. not file-based).Get Create (RefClass(cComChilkatOAuth1)) To hoOauth1
If (Not(IsComObjectCreated(hoOauth1))) BeginSend CreateComObject of hoOauth1
EndSetComConsumerKeyOf hoOauth1 To sConsumerKey
SetComConsumerSecretOf hoOauth1 To sConsumerSecret
SetComTokenOf hoOauth1 To sConsumerKey
SetComTokenSecretOf hoOauth1 To sConsumerSecret
SetComSignatureMethodOf hoOauth1 To"RSA-SHA1"GetComSetRsaKeyOf hoOauth1 vPrivKeyFromPfx To iSuccess
Send Destroy of hoPrivKeyFromPfx
// Make the initial connection.// A single REST object, once connected, can be used for many Xero REST API calls.// The auto-reconnect indicates that if the already-established HTTPS connection is closed,// then it will be automatically re-established as needed.MoveTrueTo iBAutoReconnect
GetComConnectOf hoRest "api.xero.com"443True iBAutoReconnect To iSuccess
If (iSuccess <> True) BeginGetComLastErrorTextOf hoRest To sTemp1
Showln sTemp1
Procedure_ReturnEnd// Finally, install the OAuth1 authenticator.// (It make no difference whether this happens before or after the// connection is established.)
Get pvComObject of hoOauth1 to vOauth1
GetComSetAuthOAuth1Of hoRest vOauth1 FalseTo iSuccess
Showln"OK, the Xero OAuth1 is initialized and the REST object is ready to make REST API calls.."End_Procedure